Analysis Summary

CVE-2025-30668 CVSS:6.5

Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.

CVE-2025-46785 CVSS:6.5

Multiple Zoom Workplace Apps for Windows are vulnerable to a denial of service, caused by a buffer over-read flaw.

CVE-2025-46786 CVSS:4.3

Zoom Workplace Apps could allow a remote attacker to bypass security restrictions, caused by improper neutralization of special elements.

CVE-2025-30663 CVSS:8.8

Multiple Zoom Workplace Apps could allow a local authenticated attacker to gain elevated privileges on the system, caused by time-of-check time-of-use race condition.

CVE-2025-30664 CVSS:6.6

Multiple Zoom Workplace Apps could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper neutralization of special elements.

CVE-2025-30665 CVSS:6.5

Multiple Zoom Workplace Apps are vulnerable to a denial of service, caused by NULL pointer dereference.

CVE-2025-30666 CVSS:6.5

Multiple Zoom Workplace Apps are vulnerable to a denial of service, caused by NULL pointer dereference.

CVE-2025-30667 CVSS:6.5

Multiple Zoom Workplace Apps are vulnerable to a denial of service, caused by NULL pointer dereference.

Impact

• Denial of Service
• Security Bypass
• Privilege Escalation

Indicators of Compromise

CVE

• CVE-2025-30668
• CVE-2025-46785
• CVE-2025-46786
• CVE-2025-30663
• CVE-2025-30664
• CVE-2025-30665
• CVE-2025-30666
• CVE-2025-30667

Affected Vendors

Remediation

Refer to Zoom Security Advisory for patch, upgrade or suggested workaround information.

CVE-2025-30668

CVE-2025-46785

CVE-2025-46786

CVE-2025-30663

CVE-2025-30664

CVE-2025-30665

CVE-2025-30666

CVE-2025-30667